/// <summary>
/// Method to execute the command
/// </summary>
private void GetVaultSettingsFile()
{
AzureSubscription subscription = DefaultProfile.Context.Subscription;
// Generate certificate
X509Certificate2 cert = CertUtils.CreateSelfSignedCertificate(VaultCertificateExpiryInHoursForHRM, subscription.Id.ToString(), this.Vault.Name);
ASRSite site = new ASRSite();
if (!string.IsNullOrEmpty(this.SiteIdentifier) && !string.IsNullOrEmpty(this.SiteFriendlyName))
{
site.ID = this.SiteIdentifier;
site.Name = this.SiteFriendlyName;
}
// Generate file.
ASRVaultCreds vaultCreds = RecoveryServicesClient.GenerateVaultCredential(
cert,
this.Vault,
site);
string filePath = string.IsNullOrEmpty(this.Path) ? Utilities.GetDefaultPath() : this.Path;
string fileName = this.GenerateFileName();
// write the content to a file.
VaultSettingsFilePath output = new VaultSettingsFilePath()
{
FilePath = Utilities.WriteToFile <ASRVaultCreds>(vaultCreds, filePath, fileName)
};
// print the path to the user.
this.WriteObject(output, true);
}
/// <summary>
/// Method to generate the credential file content
/// </summary>
/// <param name="managementCert">management cert</param>
/// <param name="acsDetails">ACS details</param>
/// <param name="channelIntegrityKey">Integrity key</param>
/// <param name="vault">vault object</param>
/// <param name="site">site object</param>
/// <returns>vault credential object</returns>
private ASRVaultCreds GenerateCredentialObject(
X509Certificate2 managementCert,
VaultCertificateResponse acsDetails,
string channelIntegrityKey,
ARSVault vault,
ASRSite site)
{
string serializedCertificate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx));
AcsNamespace acsNamespace = new AcsNamespace(acsDetails.Properties as ResourceCertificateAndAcsDetails);
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
ASRVaultCreds vaultCreds = new ASRVaultCreds(
vault.SubscriptionId,
vault.Name,
serializedCertificate,
acsNamespace,
channelIntegrityKey,
vault.ResourceGroupName,
site.ID,
site.Name,
resourceProviderNamespace,
resourceType,
vault.Location);
return(vaultCreds);
}
/// <summary>
/// Gets the vault credential object
/// </summary>
/// <param name="managementCert">certificate to be uploaded</param>
/// <param name="vault">vault object</param>
/// <param name="site">site object</param>
/// <param name="authType">authentication type</param>
/// <returns>credential object</returns>
public ASRVaultCreds GenerateVaultCredential(
X509Certificate2 managementCert,
ARSVault vault,
ASRSite site,
string authType)
{
ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.arsVaultCreds;
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
Logger.Instance.WriteDebug(string.Format(
"GenerateVaultCredential resourceProviderNamespace = {0}, resourceType = {1}",
resourceProviderNamespace,
resourceType));
// Update vault settings with the working vault to generate file
Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
{
ResourceGroupName = vault.ResourceGroupName,
ResourceName = vault.Name,
ResourceNamespace = resourceProviderNamespace,
ARMResourceType = resourceType
});
// Get Channel Integrity key
string channelIntegrityKey;
string getChannelIntegrityKey = this.GetCurrentVaultChannelIntegrityKey();
// Making sure we can generate the file, once the SDK and portal are inter-operable
// upload certificate and fetch of ACIK can be made parallel to improvve the performace.
// Upload certificate
VaultCertificateResponse uploadCertificate = this.UpdateVaultCertificate(
managementCert,
authType);
channelIntegrityKey = getChannelIntegrityKey;
ASRVaultCreds arsVaultCreds = this.GenerateCredentialObject(
managementCert,
uploadCertificate,
channelIntegrityKey,
vault,
site);
// Update back the original vault settings
Utilities.UpdateCurrentVaultContext(currentVaultContext);
return(arsVaultCreds);
}
/// <summary>
/// Gets the vault credential object
/// </summary>
/// <param name="managementCert">certificate to be uploaded</param>
/// <param name="vault">vault object</param>
/// <returns>credential object</returns>
public ASRVaultCreds GenerateVaultCredential(X509Certificate2 managementCert, ARSVault vault, ASRSite site)
{
ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.arsVaultCreds;
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
// Update vault settings with the working vault to generate file
Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
{
ResourceGroupName = vault.ResourceGroupName,
ResourceName = vault.Name,
ResourceNamespace = resourceProviderNamespace,
ARMResourceType = resourceType
});
// Get Channel Integrity key
string channelIntegrityKey;
Task<string> getChannelIntegrityKey = this.GetChannelIntegrityKey();
// Making sure we can generate the file, once the SDK and portal are inter-operable
// upload certificate and fetch of ACIK can be made parallel to improvve the performace.
getChannelIntegrityKey.Wait();
// Upload certificate
UploadCertificateResponse acsDetails;
Task<UploadCertificateResponse> uploadCertificate = this.UpdateVaultCertificate(managementCert);
uploadCertificate.Wait();
acsDetails = uploadCertificate.Result;
channelIntegrityKey = getChannelIntegrityKey.Result;
ASRVaultCreds arsVaultCreds = this.GenerateCredentialObject(
managementCert,
acsDetails,
channelIntegrityKey,
vault,
site);
// Update back the original vault settings
Utilities.UpdateCurrentVaultContext(currentVaultContext);
return arsVaultCreds;
}
/// <summary>
/// Method to execute the command
/// </summary>
private void GetVaultSettingsFile()
{
AzureSubscription subscription = DefaultProfile.Context.Subscription;
// Generate certificate
X509Certificate2 cert = CertUtils.CreateSelfSignedCertificate(VaultCertificateExpiryInHoursForHRM, subscription.Id.ToString(), this.Vault.Name);
ASRSite site = new ASRSite();
if (!string.IsNullOrEmpty(this.SiteIdentifier) && !string.IsNullOrEmpty(this.SiteFriendlyName))
{
site.ID = this.SiteIdentifier;
site.Name = this.SiteFriendlyName;
}
// Generate file.
ASRVaultCreds vaultCreds = RecoveryServicesClient.GenerateVaultCredential(
cert,
this.Vault,
site);
string filePath = string.IsNullOrEmpty(this.Path) ? Utilities.GetDefaultPath() : this.Path;
string fileName = this.GenerateFileName();
// write the content to a file.
VaultSettingsFilePath output = new VaultSettingsFilePath()
{
FilePath = Utilities.WriteToFile<ASRVaultCreds>(vaultCreds, filePath, fileName)
};
// print the path to the user.
this.WriteObject(output, true);
}
/// <summary>
/// Generates vault creds file content for Site Recovery Vault
/// </summary>
/// <param name="cert">management certificate</param>
/// <param name="subscriptionId">subscription Id</param>
/// <param name="vaultCertificateResponse">vaultCertificate Response</param>
/// <param name="asrSite">asrSite Info</param>
/// <returns>xml file in string format</returns>
private string GenerateVaultCredsForSiteRecovery(X509Certificate2 cert, string subscriptionId,
VaultCertificateResponse vaultCertificateResponse, ASRSite asrSite)
{
using (var output = new MemoryStream())
{
using (var writer = XmlWriter.Create(output, GetXmlWriterSettings()))
{
ResourceCertificateAndAadDetails aadDetails = vaultCertificateResponse.Properties as ResourceCertificateAndAadDetails;
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(this.Vault.ID, out resourceProviderNamespace, out resourceType);
Logger.Instance.WriteDebug(string.Format(
"GenerateVaultCredential resourceProviderNamespace = {0}, resourceType = {1}",
resourceProviderNamespace,
resourceType));
// Update vault settings with the working vault to generate file
Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
{
ResourceGroupName = this.Vault.ResourceGroupName,
ResourceName = this.Vault.Name,
ResourceNamespace = resourceProviderNamespace,
ARMResourceType = resourceType
});
//Code taken from Ibiza code
string aadAudience = string.Format(CultureInfo.InvariantCulture,
@"https://RecoveryServiceVault/{0}/{1}/{2}",
Vault.Location,
Vault.Name,
aadDetails.ResourceId);
RSVaultAsrCreds vaultCreds = new RSVaultAsrCreds()
{
VaultDetails = new ASRVaultDetails
{
SubscriptionId = subscriptionId,
ResourceGroup = this.Vault.ResourceGroupName,
ResourceName = this.Vault.Name,
ResourceId = aadDetails.ResourceId.Value,
Location = Vault.Location,
ResourceType = RecoveryServicesVaultType,
ProviderNamespace = PSRecoveryServicesClient.ProductionRpNamespace
},
ManagementCert = CertUtils.SerializeCert(cert, X509ContentType.Pfx),
Version = VaultCredentialVersionAad,
AadDetails = new ASRVaultAadDetails
{
AadAuthority = aadDetails.AadAuthority,
AadTenantId = aadDetails.AadTenantId,
ServicePrincipalClientId = aadDetails.ServicePrincipalClientId,
AadVaultAudience = aadAudience,
ArmManagementEndpoint = aadDetails.AzureManagementEndpointAudience
},
ChannelIntegrityKey = this.RecoveryServicesClient.GetCurrentVaultChannelIntegrityKey(),
SiteId = asrSite.ID == null ? String.Empty : asrSite.ID,
SiteName = asrSite.Name == null ? String.Empty : asrSite.Name
};
DataContractSerializer serializer = new DataContractSerializer(typeof(RSVaultAsrCreds));
serializer.WriteObject(writer, vaultCreds);
}
return(Encoding.UTF8.GetString(output.ToArray()));
}
}
/// <summary>
/// Method to execute the command
/// </summary>
private void GetSiteRecoveryCredentials()
{
IAzureSubscription subscription = DefaultProfile.DefaultContext.Subscription;
// Generate certificate
X509Certificate2 cert = CertUtils.CreateSelfSignedCertificate(
VaultCertificateExpiryInHoursForHRM,
subscription.Id.ToString(),
this.Vault.Name);
ASRSite site = new ASRSite();
if (!string.IsNullOrEmpty(this.SiteIdentifier) &&
!string.IsNullOrEmpty(this.SiteFriendlyName))
{
site.ID = this.SiteIdentifier;
site.Name = this.SiteFriendlyName;
}
string fileName = this.GenerateFileName();
string filePath = string.IsNullOrEmpty(this.Path) ? Utilities.GetDefaultPath() : this.Path;
// Generate file.
if (RecoveryServicesClient.getVaultAuthType(this.Vault.ResourceGroupName, this.Vault.Name) == 0)
{
ASRVaultCreds vaultCreds = RecoveryServicesClient.GenerateVaultCredential(
cert,
this.Vault,
site,
AuthType.ACS);
// write the content to a file.
VaultSettingsFilePath output = new VaultSettingsFilePath()
{
FilePath = Utilities.WriteToFile <ASRVaultCreds>(vaultCreds, filePath, fileName)
};
// print the path to the user.
this.WriteObject(output, true);
}
else
{
string fullFilePath = System.IO.Path.Combine(filePath, fileName);
WriteDebug(
string.Format(
CultureInfo.InvariantCulture,
Resources.ExecutingGetVaultCredCmdlet,
subscription.Id,
this.Vault.ResourceGroupName,
this.Vault.Name,
fullFilePath));
VaultCertificateResponse vaultCertificateResponse = null;
try
{
// Upload cert into ID Mgmt
WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadingCertToIdmgmt));
vaultCertificateResponse = UploadCert(cert);
WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadedCertToIdmgmt));
// generate vault credentials
string vaultCredsFileContent = GenerateVaultCredsForSiteRecovery(
cert,
subscription.Id,
vaultCertificateResponse,
site);
WriteDebug(string.Format(Resources.SavingVaultCred, fullFilePath));
File.WriteAllBytes(fullFilePath, Encoding.UTF8.GetBytes(vaultCredsFileContent));
VaultSettingsFilePath output = new VaultSettingsFilePath()
{
FilePath = fullFilePath,
};
// Output filename back to user
WriteObject(output, true);
}
catch (Exception exception)
{
throw exception;
}
}
}
/// <summary>
/// Method to generate the credential file content
/// </summary>
/// <param name="managementCert">management cert</param>
/// <param name="acsDetails">ACS details</param>
/// <param name="channelIntegrityKey">Integrity key</param>
/// <param name="vault">vault object</param>
/// <param name="site">site object</param>
/// <returns>vault credential object</returns>
private ASRVaultCreds GenerateCredentialObject(X509Certificate2 managementCert, UploadCertificateResponse acsDetails, string channelIntegrityKey, ARSVault vault, ASRSite site)
{
string serializedCertifivate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx));
AcsNamespace acsNamespace = new AcsNamespace(acsDetails);
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
ASRVaultCreds vaultCreds = new ASRVaultCreds(
vault.SubscriptionId,
vault.Name,
serializedCertifivate,
acsNamespace,
channelIntegrityKey,
vault.ResourceGroupName,
site.ID,
site.Name,
resourceProviderNamespace,
resourceType,
vault.Location);
return vaultCreds;
}
private void GetSiteRecoveryCredentialsWithCertificate(string certificate)
{
var subscriptionId = DefaultContext.Subscription.Id;
var site = new ASRSite();
if (!string.IsNullOrEmpty(SiteIdentifier) &&
!string.IsNullOrEmpty(SiteFriendlyName))
{
site.ID = SiteIdentifier;
site.Name = SiteFriendlyName;
}
try
{
var fileName = GenerateFileName();
var filePath = string.IsNullOrEmpty(Path) ? Utilities.GetDefaultPath() : Path;
var fullFilePath = System.IO.Path.Combine(filePath, fileName);
// Upload cert into ID Mgmt
WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadingCertToIdmgmt));
X509Certificate2 x509 = new X509Certificate2();
byte[] data = Convert.FromBase64String(certificate);
x509.Import(data);
var bytes = x509.RawData;
var certificateArgs = new CertificateRequest
{
Properties = new RawCertificateData {
Certificate = bytes, AuthType = AuthType.AAD
}
};
var dateString = DateTime.Now.ToString("M-d-yyyy");
var friendlyName = string.Format("{0}{1}-{2}-vaultcredentials", Vault.Name, subscriptionId, dateString);
var vaultCertificateResponse = RecoveryServicesClient.GetRecoveryServicesClient.VaultCertificates.CreateWithHttpMessagesAsync(
Vault.ResourceGroupName,
Vault.Name,
friendlyName,
certificateArgs.Properties,
RecoveryServicesClient.GetRequestHeaders()).Result.Body;
WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadedCertToIdmgmt));
var vaultCredsFileContent = GenerateVaultCredsForSiteRecovery(
certificate,
subscriptionId,
vaultCertificateResponse,
site);
WriteDebug(string.Format(Resources.SavingVaultCred, fullFilePath));
AzureSession.Instance.DataStore.WriteFile(fullFilePath, Encoding.UTF8.GetBytes(vaultCredsFileContent));
var output = new VaultSettingsFilePath
{
FilePath = fullFilePath,
};
// Output filename back to user
WriteObject(output, true);
}
catch (Exception exception)
{
throw exception;
}
}
private void GetSiteRecoveryCredentialsWithCertificate(string certificate)
{
string subscriptionId = DefaultContext.Subscription.Id.ToString();
VaultCertificateResponse vaultCertificateResponse = null;
ASRSite site = new ASRSite();
if (!string.IsNullOrEmpty(this.SiteIdentifier) &&
!string.IsNullOrEmpty(this.SiteFriendlyName))
{
site.ID = this.SiteIdentifier;
site.Name = this.SiteFriendlyName;
}
try
{
string fileName = this.GenerateFileName();
string filePath = string.IsNullOrEmpty(this.Path) ? Utilities.GetDefaultPath() : this.Path;
string fullFilePath = System.IO.Path.Combine(filePath, fileName);
// Upload cert into ID Mgmt
WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadingCertToIdmgmt));
byte[] bytes = Encoding.ASCII.GetBytes(certificate);
var certificateArgs = new CertificateRequest();
certificateArgs.Properties = new RawCertificateData();
certificateArgs.Properties.Certificate = bytes;
certificateArgs.Properties.AuthType = AuthType.AAD;
string dateString = DateTime.Now.ToString("M-d-yyyy");
var friendlyName = string.Format("{0}{1}-{2}-vaultcredentials", this.Vault.Name, subscriptionId, dateString);
vaultCertificateResponse = RecoveryServicesClient.GetRecoveryServicesClient.VaultCertificates.CreateWithHttpMessagesAsync(
this.Vault.ResourceGroupName,
this.Vault.Name,
friendlyName,
certificateArgs,
RecoveryServicesClient.GetRequestHeaders()).Result.Body;
WriteDebug(string.Format(CultureInfo.InvariantCulture, Resources.UploadedCertToIdmgmt));
string vaultCredsFileContent = GenerateVaultCredsForSiteRecovery(
certificate,
subscriptionId,
vaultCertificateResponse,
site);
WriteDebug(string.Format(Resources.SavingVaultCred, fullFilePath));
AzureSession.Instance.DataStore.WriteFile(fullFilePath, Encoding.UTF8.GetBytes(vaultCredsFileContent));
VaultSettingsFilePath output = new VaultSettingsFilePath()
{
FilePath = fullFilePath,
};
// Output filename back to user
WriteObject(output, true);
}
catch (Exception exception)
{
throw exception;
}
}
/// <summary>
/// Gets the vault credential object
/// </summary>
/// <param name="managementCert">certificate to be uploaded</param>
/// <param name="vault">vault object</param>
/// <returns>credential object</returns>
public ASRVaultCreds GenerateVaultCredential(X509Certificate2 managementCert, ARSVault vault, ASRSite site)
{
ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.asrVaultCreds;
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
// Update vault settings with the working vault to generate file
Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
{
ResourceGroupName = vault.ResouceGroupName,
ResourceName = vault.Name,
ResourceNamespace = resourceProviderNamespace,
ARMResourceType = resourceType
});
// Get Channel Integrity key
string channelIntegrityKey;
Task <string> getChannelIntegrityKey = this.GetChannelIntegrityKey();
// Making sure we can generate the file, once the SDK and portal are inter-operable
// upload certificate and fetch of ACIK can be made parallel to improvve the performace.
getChannelIntegrityKey.Wait();
// Upload certificate
UploadCertificateResponse acsDetails;
Task <UploadCertificateResponse> uploadCertificate = this.UpdateVaultCertificate(managementCert);
uploadCertificate.Wait();
acsDetails = uploadCertificate.Result;
channelIntegrityKey = getChannelIntegrityKey.Result;
ASRVaultCreds asrVaultCreds = this.GenerateCredentialObject(
managementCert,
acsDetails,
channelIntegrityKey,
vault,
site);
// Update back the original vault settings
Utilities.UpdateCurrentVaultContext(currentVaultContext);
return(asrVaultCreds);
}
